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SPECIFICATION 

INFORMATION PROCESSING APPARATUS AND METHOD, RECORDING 
MEDIUM AND PROGRAM 

Field of the Invention 

The present invention relates to information processing apparatus and 
method, a recording medium and a program, and more particularly to an information 
processing apparatus capable of properly measuring a time taken to reach a 
communication partner, and to an information processing method, a recording 
medium and a program. 

Background Art 

Recently, widespreading networks, such as a network (hereinafter 
called WAN (Wide Area Network)) typically represented by the Internet, which is 
publicly used over a wide area and a network (hereinafter called LAN (Local Area 
Network) which is installed in ordinary houses or the like and used locally, various 
data communications via these networks, are mainstream. 

When image content, music content and the like are transmitted over a 
network, authentication and key exchange are performed for a communication 
partner and the content is enciphered and transmitted (refer to the following 
document). 

DTCP Specification Volume 1 Version 1.3 (Information Version) 
http://www.dtcp.com/daTa/info_20040 1 07_dtcp_Vol_l _1 p3 .pdf 

There arises herein the case that although copy and transmission in a 
home are permitted, content transmission to another home connected to WAN is 
restricted from the viewpoint of copyrights. For example, although a content of 




recorded television broadcast can be used if only it is used privately (in a home), if 
the content is transmitted via the Internet to a third party, it can be considered that 
this infringes the copyright,, thus a restriction of this kind is therefore necessary. 

Under this restriction, an apparatus (transmitter) for transmitting a 
5 content protected under copyright is required to judge whether a communication 
partner apparatus (receiver) for receiving the content is in the same LAN or 
connected via WAN (the Internet). 

For example, whether the communication partner is connected via 
WAN (the Internet) can be known by checking from the IP address whether the 
10 communication partner is in the same subnet or by using the number (Hop Count) of 
IP routers through which an IP communication packet passes. However, if 
technologies such as VPN (Virtual Private Network) are used, even communications 
via WAN (the Internet) can establish a connection like the same subnet connected 
without an IP router. Namely, the content can be improperly acquired. 

15 

Disclosure of the Invention 

The present invention has been made in consideration of the 
above-described circumstances and aims to measure a communication distance based 
on a response time of a receiver to a predetermined command to thereby judge, e.g., 

20 whether or not the receiver is connected to the same LAN as that of the transmitter. 

A first information processing apparatus of the present invention is 
characterized by having: command transmission means for, after authentication data 
is generated in accordance with shared data shared with a receiving apparatus, 
transmitting a command for requesting for a response to the receiving apparatus; 

25 authentication means for authenticating the receiving apparatus in accordance with 
an expected value generated based upon the shared data and the authentication data 
generated at the receiving apparatus; measurement means for measuring a response 



time taken by the receiving apparatus to respond to the command; and judgment 
means forjudging whether data transmission to the receiving apparatus is granted or 
not, in accordance with an authentication result by the authentication means and the 
response time measured by the measurement means. 
5 The command transmission means may transmit the command a 

maximum of N times to judge whether the data transmission is granted or not; and 
the authentication means may authenticate the receiving apparatus in accordance 
with the authentication data corresponding to a transmission sequence of the 
command and a corresponding one of the expected value. 

10 A first information processing method of the present invention is 

characterized by having: a command transmission step of, after authentication data is 
generated in accordance with shared data shared with a receiving apparatus, 
transmitting a command for requesting for a response to the receiving apparatus; an 
authentication step of authenticating the receiving apparatus in accordance with an 

15 expected value generated based upon the shared data and the authentication data 
generated at the receiving apparatus; a measurement step of measuring a response 
time taken by the receiving apparatus to respond to the command; and a judgment 
step of judging whether data transmission to the receiving apparatus is granted or not, 
in accordance with an authentication result by the authentication step and the 

20 response time measured by the measurement step. 

A program of a first recording medium of the present invention is 
characterized by having: a command transmission control step of controlling, after 
authentication data is generated in accordance with shared data shared with a 
receiving apparatus, transmission of a command for requesting for a response to the 

2 5 receiving apparatus; an authentication control step of controlling authentication of 
the receiving apparatus in accordance with an expected value generated based upon 
the shared data and the authentication data generated at the receiving apparatus; a 



measurement control step of controlling measurement a response time taken by the 
receiving apparatus to respond to the command; and a judgment control step of 
controlling judgment whether data transmission to the receiving apparatus is granted 
or not, in accordance with an authentication result by the authentication control step 
5 and the response time measured by the measurement control step. 

A first program of the present invention makes a computer execute a 
process, the process characterized by having: a command transmission control step 
of controlling, after authentication data is generated in accordance with shared data 
shared with a receiving apparatus, transmission of a command for requesting for a 

10 response to the receiving apparatus; an authentication control step of controlling 
authentication of the receiving apparatus in accordance with an expected value 
generated based upon the shared data and the authentication data generated at the 
receiving apparatus; a measurement control step of controlling measurement a 
response time taken by the receiving apparatus to respond to the command; and a 

15 judgment control step of controlling judgment whether data transmission to the 
receiving apparatus is granted or not, in accordance with an authentication result by 
the authentication control step and the response time measured by the measurement 
control step. 

In the first information processing apparatus and method of the 
20 present invention, and program of the present invention, after the authentication data 
is generated in accordance with the shared data shared with the receiving apparatus, 
the command for requesting for the response is transmitted to the receiving apparatus, 
the receiving apparatus is authenticated in accordance with the expected value 
generated based upon the shared data and the authentication data generated at the 
2 5 receiving apparatus, the response time taken by the receiving apparatus to respond to 
the command is measured, and whether data transmission to the receiving apparatus 
is granted or not is judged in accordance with the authentication result and the 



response time. 

A second information processing apparatus of the present invention 
capable of communicating with a transmitting apparatus which judges whether data 
transmission is granted or not, in accordance with an authentication result based on 
5 authentication data generated from shared data shared with the transmitting apparatus 
and a response time to a predetermined command from the transmitting apparatus, is 
characterized by having: authentication data generation means for generating the 
authentication data by subjecting the shared data to a predetermined process, before 
the command is transmitted from the transmitting apparatus; response message 

10 generation means for generating a response message to the command before the 
command is transmitted from the transmitting apparatus, the response message 
including the authentication data generated by the authentication data generation 
means; and transmission means for transmitting the response message to the 
transmitting apparatus when the command transmitted from the transmitting 

15 apparatus is received. 

The shared data may be a quasi random number, the quasi random 
number may be transmitted from the transmitting apparatus before the command is 
transmitted, the authentication data generation means may subject the quasi random 
number to a Keyed-Hash process and a resultant Hash value may be used as the 

20 authentication data. 

The authentication data generation means may execute a Keyed-Hash 
process relative to the quasi random number and information specific to the 
information processing apparatus and may use a resultant Hash value as the 
authentication data. 

25 If the command is transmitted from the transmitting apparatus a 

maximum of N times to judge whether data transmission is granted or not, the 
authentication data generation means may execute the process relative to the shared 



data before a first one of the command is transmitted from the transmitting apparatus 
and generates N sets of the authentication data corresponding to N sets of the 
command to be transmitted. 

The transmission means may transmit the response message generated 
5 by the response message generation means to the transmitting apparatus in such a 
manner that N sets of the authentication data are supplied to the transmitting 
apparatus in a sequence agreed beforehand with the transmitting apparatus. 

The authentication data generation means may divide the data 
obtained by subjecting the shared data to the process into a plurality of data pieces 
10 and may generate N sets of the authentication data from the divides data. 

The authentication data generation means may generate N sets of the 
authentication data from data obtained at each process of repetitively executing the 
process relative to the shared data. 

When the command from the transmitting apparatus is received, the 
15 transmission means may transmit a response message to the transmitting apparatus, 
the response message containing new authentication data generated from the 
authentication data and information contained in the command. 

A second information processing method of the present invention is 
characterized by having: an authentication data generation step of generating the 
20 authentication data by subjecting the shared data to a predetermined process, before 
the command is transmitted from the transmitting apparatus; a response message 
generation step of generating a response message to the command before the 
command is transmitted from the transmitting apparatus, the response message 
including the authentication data generated by a process at the authentication data 
2 5 generation step; and a transmission step of transmitting the response message to the 
transmitting apparatus when the command transmitted from the transmitting 
apparatus is received. 



A program of a second recording medium of the present invention is 
characterized by having: an authentication data generation control step of controlling 
generation of the authentication data by subjecting the shared data to a predetermined 
process, before the command is transmitted from the transmitting apparatus; a 
5 response message generation control step of controlling generation of a response 
message to the command before the command is transmitted from the transmitting 
apparatus, the response message including the authentication data generated by a 
process at the authentication data generation step; and a transmission control step of 
controlling transmission of the response message to the transmitting apparatus when 

10 the command transmitted from the transmitting apparatus is received. 

A second program of the present invention is characterized by having: 
an authentication data generation control step of controlling generation of the 
authentication data by subjecting the shared data to a predetermined process, before 
the command is transmitted from the transmitting apparatus; a response message 

15 generation control step of controlling generation of a response message to the 
command before the command is transmitted from the transmitting apparatus, the 
response message including the authentication data generated by a process at the 
authentication data generation step; and a transmission control step of controlling 
transmission of the response message to the transmitting apparatus when the 

20 command transmitted from the transmitting apparatus is received. 

In the second information processing apparatus and method of the 
present invention, and program of the present invention, the authentication data is 
generated by executing the predetermined process relative to the shared data before 
the command is transmitted from the transmitting apparatus, the response message to 

2 5 the command is generated before the command is transmitted from the transmitting 
apparatus, the response message including the generated authentication data, and the 
response message is transmitted to the transmitting apparatus when the command 



transmitted from the transmitting apparatus is received. 

A third information processing apparatus of the present invention is 
characterized by having: authentication data generation means for generating 
command authentication data and response expected value data from shared data 
5 shared with a receiving apparatus; command transmission means for transmitting a 
command for requesting for a response to the receiving apparatus, the command 
containing the command authentication data; response reception means for receiving 
a response to the command from the receiving apparatus; authentication means for 
authenticating the receiving apparatus in accordance with the response expected 

10 value and the response authentication data contained in the response received from 
the receiving apparatus; measurement means for measuring a response time taken by 
the receiving apparatus to respond to the command; and judgment means forjudging 
whether data transmission to the receiving apparatus is granted or not, in accordance 
with an authentication result by the authentication means and the response time 

15 measured by the measurement means. 

The command transmission means may transmit the command a 
maximum of k times to judge whether data transmission is granted or not, and the 
authentication means may authenticate the receiving apparatus in accordance with 
the authentication data corresponding to a transmission sequence of the command 

20 and a corresponding one of the expected value. 

A third information processing method of the present invention is 
characterized by having: an authentication data generation step of generating 
command authentication data and response expected value data from shared data 
shared with a receiving apparatus; a command transmission step of transmitting a 

25 command for requesting for a response to the receiving apparatus, the command 
containing the command authentication data; a response reception step of receiving a 
response to the command from the receiving apparatus; an authentication step of 



authenticating the receiving apparatus in accordance with the response expected 
value and the response authentication data contained in the response received from 
the receiving apparatus; a measurement step of measuring a response time taken by 
the receiving apparatus to respond to the command; and a judgment step of judging 
5 whether data transmission to the receiving apparatus is granted or not, in accordance 
with an authentication result by the authentication step and the response time 
measured by the measurement step. 

A program of a third recording medium of the present invention is 
characterized by having: an authentication data generation step of generating 

10 command authentication data and response expected value data from shared data 
shared with a receiving apparatus; a command transmission step of transmitting a 
command for requesting for a response to the receiving apparatus, the command 
containing the command authentication data; a response reception step of receiving a 
response to the command from the receiving apparatus; an authentication step of 

15 authenticating the receiving apparatus in accordance with the response expected 
value and the response authentication data contained in the response received from 
the receiving apparatus; a measurement step of measuring a response time taken by 
the receiving apparatus to respond to the command; and a judgment step of judging 
whether data transmission to the receiving apparatus is granted or not, in accordance 

20 with an authentication result by the authentication step and the response time 
measured by the measurement step. 

A third program of the present invention makes a computer execute a 
process, the process characterized by having: an authentication data generation step 
of generating command authentication data and response expected value data from 

25 shared data shared with a receiving apparatus; a command transmission step of 
transmitting a command for requesting for a response to the receiving apparatus, the 
command containing the command authentication data; a response reception step of 



receiving a response to the command from the receiving apparatus; an authentication 
step of authenticating the receiving apparatus in accordance with the response 
expected value and the response authentication data contained in the response 
received from the receiving apparatus; a measurement step of measuring a response 
5 time taken by the receiving apparatus to respond to the command; and a judgment 
step of judging whether data transmission to the receiving apparatus is granted or not, 
in accordance with an authentication result by the authentication step and the 
response time measured by the measurement step. 

In the third information processing apparatus and method of the 

10 present invention, and program of the present invention, the command authentication 
data and expected value data are generated from the data shared with the receiving 
apparatus, the command requesting for the response is transmitted to the receiving 
apparatus, the command including the command authentication data, the response to 
the command from the receiving apparatus is received, the receiving apparatus is 

15 authenticated in accordance with the response expected value and the response 
authentication data contained in the response received from the receiving apparatus, 
the response time taken by the receiving apparatus to respond to the command is 
measured, and it is judged whether the data transmission to the receiving apparatus is 
granted or not, in accordance with the authentication result and response time. 

20 A fourth information processing apparatus of the present invention is 

characterized by having: generation means for generating, from shared data shared 
with the transmitting apparatus, command expected value data and response 
authentication data respectively corresponding to authentication data of the command 
generated at the transmitting apparatus from the shared data; authentication means 

2 5 for authenticating the transmitting apparatus in accordance with authentication data 
of the command contained in the command and the command expected value data 
generated by the generation means, when the command transmitted from the 



transmitting apparatus is received; and transmission means for transmitting a 
response containing the response authentication data to the transmitting apparatus, in 
accordance with an authentication result by the authentication means. 

A fourth information processing method of the present invention is 
5 characterized by having: a generation step of generating, from shared data shared 
with the transmitting apparatus, command expected value data and response 
authentication data respectively corresponding to authentication data of the command 
generated at the transmitting apparatus from the shared data; an authentication step 
of authenticating the transmitting apparatus in accordance with authentication data of 

10 the command contained in the command and the command expected value data 
generated by a process of the generation step, when the command transmitted from 
the transmitting apparatus is received; and a transmission step of transmitting a 
response containing the response authentication data to the transmitting apparatus, in 
accordance with an authentication result by a process of the authentication step. 

15 A program of a fourth recording medium of the present invention is 

characterized by having: a generation step of generating, from shared data shared 
with the transmitting apparatus, command expected value data and response 
authentication data respectively corresponding to authentication data of the command 
generated at the transmitting apparatus from the shared data; an authentication step 

20 of authenticating the transmitting apparatus in accordance with authentication data of 
the command contained in the command and the command expected value data 
generated by a process of the generation step, when the command transmitted from 
the transmitting apparatus is received; and a transmission step of transmitting a 
response containing the response authentication data to the transmitting apparatus, in 

2 5 accordance with an authentication result by a process of the authentication step. 

A forth program of the present invention makes a computer execute a 
process, the process characterized by having: a generation step of generating, from 

11 



shared data shared with the transmitting apparatus, command expected value data 
and response authentication data respectively corresponding to authentication data of 
the command generated at the transmitting apparatus from the shared data; an 
authentication step of authenticating the transmitting apparatus in accordance with 
5 authentication data of the command contained in the command and the command 
expected value data generated by a process of the generation step, when the 
command transmitted from the transmitting apparatus is received; and a transmission 
step of transmitting a response containing the response authentication data to the 
transmitting apparatus, in accordance with an authentication result by a process of 

10 the authentication step. 

In the fourth information processing apparatus and method of the 
present invention, and program of the present invention, from the shared data shared 
with the transmitting apparatus, the command expected value data and response 
authentication data respectively corresponding to the authentication data of the 

15 command generated at the transmitting apparatus from the shared data are generated, 
the transmitting apparatus is authenticated in accordance with the command 
authentication data contained in the command and the generated command expected 
value data when the command transmitted from the transmitting apparatus is 
received, and the response containing the response authentication data is transmitted 

20 to the transmitting apparatus in accordance with the authentication result. 

Brief Description of the Drawings 

FIG. 1 is a diagram showing an application example of an information 
communication system adopting the present invention. 
2 5 Fig. 2 is a block diagram showing an example of the structure of a 

terminal shown in Fig. 1 . 

Fig. 3 is a block diagram showing an example of the structure of a 

12 



transmission grant judgment unit shown in Fig. 2. 

Fig. 4 is a block diagram showing an example of the structure of a 
response control unit shown in Fig. 2. 

Fig. 5 is a flow chart illustrating a transmission grant judgment 
5 process and a response process. 

Fig. 6 is a diagram illustrating a method of generating an expected 
value and authentication data. 

Fig. 7 is a diagram illustrating another method of generating an 
expected value and authentication data. 
10 Fig. 8 is a diagram illustrating the operation of the terminal shown in 

Fig. 1. 

Fig. 9 is a block diagram showing another example of the structure of 
the transmission grant judgment unit shown in Fig. 2. 

Fig. 10 is a block diagram showing another example of the structure 
15 of the response control unit shown in Fig. 2. 

Fig. 1 1 is a flow chart illustrating another transmission grant judgment 

process. 

Fig. 12 is a flow chart illustrating another response process. 
Fig. 13 is another diagram illustrating the operation of the terminal 
20 shown in Fig. 1. 

Fig. 14 is another diagram illustrating the operation of the terminal 
shown in Fig. 1 . 

Fig. 15 is another diagram illustrating the operation of the terminal 
shown in Fig. 1 . 

25 Fig. 16 is a block diagram showing an example of the structure of a 

personal computer. 
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Best Modes for Carrying Out the Invention 

Fig. 1 shows an example of the structure of an information 
communication system constituted of terminals 1 1 , adopting the present invention. 

Lans 1-1 and 1-2 (if it is not necessary to discriminate between Lans, 
5 simply called LAN 1 . This is also applied to other cases) are mutually connected 
via a WAN 2. 

LAN 1-1 is installed, for example, in a house and has an approximate 
size allowing particular individuals (or family) to use it. To this end, LAN 1-1 is 
connected to the terminals 11-1 and 11-2 such as personal computers and AV 

10 apparatuses via switching hubs (not shown). Connection between LAN 1-1 and the 
terminals 11-1 and 11-2 is established by a high speed interface such as Ethernet 
(registered trademark) (100BASE-TX). The terminals 11-1 and 11-2 can be 
connected to LAN 1-2 via WAN 2. 

LAN 1-2 is configured in a manner similar to LAN 1-1 and a terminal 

15 1 1 -3 is connected thereto . 

Each terminal 11 is an authorized apparatus registered in this 
information communication system, and as shown in Fig. 2, is constituted of a 
transmission grant judgment unit 21, a response control unit 22, a communication 
unit 23 and a transmission data storage unit 24. 

20 When predetermined data is transmitted to another terminal 11 

(terminal 11 on a reception side), the transmission grant judgment unit 21 
communicates with the reception side terminal 1 1 (more correctly, the reception side 
respond control unit 22) via the communication unit 23 in a manner to be described 
later, authenticates whether the reception side terminal 1 1 is an authorized apparatus 

2 5 of the information communication system, and measures a response time of the 
reception side terminal 1 1 to a predetermined request, as a communication time with 
the reception side terminal 1 1 . 



In accordance with a communication distance judgment result based 
on the authentication result and response time of the reception side terminal 1 1 , the 
transmission grant judgment unit 21 judges whether data transmission to the 
reception side terminal 1 1 is granted or not. 
5 For example, if the reception terminal 11 is connected to LAN 1 

different from LAN 1 of the transmission side terminal 11 (a so-called long 
communication distance case through connection via WAN 2), a response time 
becomes longer than if the reception terminal 1 1 is connected to the same LAN 1 (a 
short communication distance). Therefore, for example, if the communication is 

10 restricted in the same LAN 1, the transmission grant judgment unit 21 judges from 
the measured response time whether the reception side terminal 1 1 is connected to 
the same LAN 1 as that of the transmission side terminal 11, and judges, from this 
judgment result and the authentication result of the reception side terminal 11, 
whether data transmission can be granted. 

15 More specifically, in the example shown in Fig. 1, when the terminal 

11-1 (on the transmission side) transmits data to the terminal 11-2 (on the reception 
side), the transmission grant judgment unit 21 of the terminal 11-1 judges from the 
measured response time of the terminal 11-2 that the terminal 11-2 is connected to 
LAN 1-1 to execute data transmission. On the other hand, when the terminal 11-1 

20 transmits data to the terminal 11-3, the transmission grant judgment unit 21 of the 
terminal 11-1 judges from the measured response time of the terminal 11-3 that the 
terminal 1 1-3 is connected to LAN (LAN 1-2) different from LAN 1-1 not to execute 
data transmission. 

This communication control by a communication distance is 

25 applicable to content distribution businesses, for example, the content of movie or 
the like is distributed first to a predetermined district, and on later days to another 
district. 



Reverting to Fig. 2, when the predetermined data is received from the 
transmission side terminal 11, the response control unit 22 communicates with the 
transmission side terminal 11 (more correctly, the transmission side transmission 
grant judgment unit 21) in a manner to be described later, and transmits to the 
5 transmission side terminal information necessary for the authentication at the 
transmission side terminal 11 and for proper response time measurement, 
respectively via the communication unit 23. 

The communication unit 23 is connected to LAN 1 and communicates 
with the terminal 11 in the same LAN 1 or the terminal 1 1 connected to a different 
10 LAN 1 via WAN 2. 

The transmission data storage unit 24 stores predetermined data to be 
transmitted to the reception side terminal 1 1 . 

Fig. 3 shows an example of the structure of the transmission grant 
judgment unit 21 of the terminal 1 1 . 
15 A random challenge generation unit 31 generates a quasi random 

number (hereinafter called a random challenge) having a predetermined number of 
bits, and supplies it to a random challenge transmission control unit 32 and an 
expected value generation unit 33. 

The random challenge transmission control unit 32 transmits the 
20 random challenge supplied from the random challenge generation unit 31, to the 
reception terminal 11 via the communication unit 23. The random challenge 
transmission control unit 32 also receives a message (hereinafter called an RC 
reception message) to the effect that the random challenge is received, the RC 
reception message being transmitted from the reception side terminal 1 1 , and notifies 
25 a command transmission control unit 34 of the reception of the RC reception 
message, respectively via the communication unit 23. 

An expected value generation unit 33 makes the random challenge 

16 



supplied from the random challenge generation unit 31 be subjected to, for example, 
a Hash process (so-called Keyed-Hash process) based on an HMAC algorithm 
(Keyed Hashing for Message Authentication, IETF RFC 2104) using a secret key 
shared with the reception side terminal 11, generates an expected value of 
5 authentication data to be generated from the random challenge by the reception side 
terminal 11, and supplies it to a judgment unit 35. The expected value generation 
unit 33 may generate an expected value by executing the Keyed-Hash process 
relative to the random challenge information coupled to information (e.g., apparatus 
ID) which is specific to the terminal 1 1 and preset to the terminal 1 1 . 
10 The secret key used by the Hash process is distributed to each 

authorized apparatus of the information communication system at a predetermined 
timing in secret. 

When the reception of the RC reception message is notified from the 
random transmission control unit 32, the command transmission control unit 34 
15 transmits a command requesting for a response (hereinafter called a response request 
command) to the reception side terminal 11 via the communication unit 23, in 
accordance with an instruction from a judgment unit 35. 

The command transmission control unit 34 receives a message 
(hereinafter called a response message) transmitted from the reception side terminal 
20 1 1 as a response to the transmitted response request command, and supplies it to the 
judgment unit 35, respectively via the communication unit 23. The response 
message has built-in authentication data generated from the random challenge 
transmitted from the random challenge transmission control unit 32. 

After the response request command is transmitted, the command 
25 transmission control unit 34 controls a response time measurement unit 36 to start 
measuring a response time, and to terminate measuring the response time when the 
response message as a response to the response request command is received. 

17 



In accordance with the authentication data built in the response 
message from the command transmission control unit 34 and the expected value of 
the authentication data generated by the expected value generation unit 33, the 
judgment unit 35 authenticates whether the reception side terminal 11 is an 
5 authorized apparatus of the information communication system. The judgment unit 
35 also judges whether the response time measured by the response time 
measurement unit 36 is longer than a predetermined time TL and judges the 
communication distance (judges whether the reception side terminal is connected to 
the same LAN 1 as that of the transmission side terminal 1 1) 

10 In accordance with the authentication result of the reception side 

terminal 1 1 and the judgment result of the communication distance, the judgment 
unit 35 judges whether data transmission is granted or not. In accordance with this 
judgment, the judgment unit 35 controls the communication unit 23 to transmit the 
data stored in the transmission data storage unit 24 to the reception side terminal 1 1 . 

15 In accordance with an instruction from the command transmission 

control unit 34, the response time measurement unit 36 activates a built-in timer to 
measure the response time of the reception side terminal 1 1 . 

Fig. 4 shows an example of the structure of the response control unit 
22 of the terminal 11. 

20 A random challenge reception control unit 41 receives via the 

communication unit 23 the random challenge transmitted from the transmission side 
terminal 1 1 (more correctly, the transmission side transmission grant judgment unit 
21) and supplies it to the authentication data generation unit 42). The random 
challenge reception control unit 41 also transmits via the communication unit 23 the 

2 5 RC reception message (message to the effect that the random challenge is received) 
to the transmission side terminal 11, and notifies a reception message transmission 
control unit 44 of the transmission of the RC reception massage. 



An authentication data generation unit 42 makes the random challenge 
supplied from the random challenge reception control unit 41 be subjected to a 
Keyed-Hash process in a manner similar to the case of the transmission side terminal 
1 1 (the expected value generation unit 33 of the transmission grant judgment unit 21) 
5 to generate authentication data which the third party cannot be estimated, and supply 
it to a response message generation unit 43. 

Under the control of the response message transmission control unit 
44, the response message generation unit 43 generates the response message 
assembled with the authentication data supplied from the authentication data 
10 generation unit 42, and supplies it to the response message transmission control unit 
44. 

The response message transmission control unit 44 receives via the 
communication unit 23 the response request command transmitted from the 
transmission side terminal 1 1 . 
15 The response message transmission control unit 44 controls the 

response message generation unit 43 at the timing before the response request 
command is received (at the timing before the response request command is 
transmitted from the transmission side terminal 1 1) to make it generate the response 
message assembled with the authentication data corresponding to the response 
20 request command to be received. When the response request command is received, 
the response message is transmitted to the transmission side terminal 11 via the 
communication unit 23. 

Next, with reference to the flow chart of Fig. 5, description will be 
made on the operation of the transmission grant judgment unit 21 (Figs. 2 and 3) of 
2 5 the terminal 1 1 executing the transmission grant judgment process. 

At Step SI the random challenge generation unit 31 of the 
transmission grant judgment unit 21 of the terminal 11 (transmission side terminal 
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11) generates the random challenge and supplies it to the random challenge 
transmission control unit 32 and expected value generation unit 33. 

At Step S2, the random challenge transmission control unit 32 
transmits the supplied random challenge to the reception side terminal 11 via the 
5 communication unit 23, and at Step S3, the expected value generation unit 33 
executes the Keyed-Hash process relative to the supplied random challenge to 
generate the expected value of the authentication data to be generated at the reception 
side terminal 1 1 . 

In this example, since the transmission side terminal 1 1 transmits a 

10 maximum of N (= 1, 2,...) response request commands in sequence to judge a data 
transmission grant, N expected values of the authentication data are generated in 
correspondence to the N response request commands to be transmitted. 

The N expected values can be generated by dividing the data obtained 
as the result of the Keyed-Hash process for the random challenge and using the 

15 divided data sets. In the example shown in Fig. 6, the data obtained as the result of 
the Keyed-Hash process for the random challenge is divided into N sets and N 
expected values, from an expected value 1 to an expected value N, are obtained. 

The Keyed-Hash process for the random challenge may be executed a 
plurality of times to generate N expected values from the data obtained at each 

20 process. In the example shown in Fig. 7, the Keyed-Hash process for the random 
challenge is executed N times and N data sets obtained at the respective processes 
are used as the expected values. An expected value 1 shown in Fig. 7 is obtained as 
a result of executing once the Keyed-Hash process for the random challenge, and an 
expected value 2 is obtained as a result of the Keyed-Hash process for the expected 

25 value 1. 

Reverting to Fig. 5, at Step S4 the random challenge transmission 
control unit 32 receives via the communication unit 23 the RC reception message 



(Step S23) to the effect that the random challenge transmitted at Step S2 from the 
reception side terminal 1 1 to be described later is received, and notifies the command 
transmission control unit 34 of this reception. At Step S5 the command 
transmission control unit 34 initializes a counter i to 1, the counter i indicating the 
5 sequence of the response request command to be transmitted (transmission 
sequence). 

Next, at Step S6 the command transmission control unit 34 transmits 
the response request command to the reception side terminal 11 via the 
communication unit 23, and at Step S7 controls the response time measurement unit 
10 36 to start measuring the response time. 

At Step S8 the command transmission control unit 34 receives via the 
communication unit 23 the response message to the response request command 
transmitted at step S6 from the reception side terminal 11 to be described later, 
supplies it to the judgment unit 35, and at Step S9 controls the response time 
15 measurement unit 36 to terminate the measurement of the response time. Namely, 
the time obtained by a measurement starting at Step S7 and terminating at S9 is the 
response time of the reception side terminal 1 1 . 

At Step S10 the judgment unit 35 judges whether the authentication 
data assembled in the reception message supplied from the command transmission 
20 control unit 34 matches with the expected value (specifically, the expected value 
corresponding to the response request command transmitted at the sequence 
indicated by the counter i (hereinafter called a response request command transmitted 
at the i-th sequence)) of the corresponding authentication data generated by the 
expected value generation unit 33. If it is judged to match, the reception side 
2 5 terminal 11 is authenticated as an authorized terminal of the information 
communication system, to thereafter advance to Step SI 1. 

At Step SI 1 the judgment unit 35 judges whether the response time of 
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the reception side terminal 11, measured by the response time measurement unit 3, 
relative to the response request command transmitted at the i-th sequence, is longer 
than the predetermined time TL. The time TL is, for example, a communication 
time taken to communicate between terminals connected to the same LAN 1. 
5 Namely, if the response time is longer than the time TL, it can be judged that the 
reception side terminal 11 is connected to LAN 1 different from that of the 
transmission side terminal 11, whereas if the response time is not longer than the 
time TL (including response time = time TL), it is can be judged that the reception 
side terminal 1 1 is not connected to the same LAN 1 (the communication distance 

10 can be judged). 

If it is judged at Step Sll that the response time is longer than the 
time TL, the flow advances to Step S12 whereat the judgment unit 35 notifies the 
judgment result to the command transmission control unit 34 which in turn 
increments the counter i by 1 . 

15 At Step S13 the command transmission control unit 34 judges 

whether the counter i is N + 1. If it is judged that the counter i is not N + 1, the 
flow returns to Step S6 after a lapse of a predetermined time. If it is judged at Step 
SI 3 that the counter i is N + 1 (namely, if the response request command was 
transmitted N times), or it is judged at Step S10 that the reception side terminal 1 1 is 

20 not an authorized apparatus of the information communication system, then the flow 
advances to Step S14 whereat this effect is notified to the judgment unit 3. Then, 
the judgment unit 35 rejects the data transmission to the reception side terminal 11 
and controls the communication unit 23 to reject the transmission of the data stored 
in the transmission data storage unit 24 to the reception side terminal 11. 

25 If it is judged at Step Sll that the response time to the response 

request command transmitted at the i-th sequence is not longer than the time TL, i.e., 
if the reception side terminal 11 is the authorized apparatus of the information 
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communication system and the reception side terminal 1 1 is connected to, e.g., the 
same LAN 1 as that of the transmission side terminal 11, then the flow advances to 
Step S15 whereat the judgment unit 35 controls the communication unit 23 to 
transmit the data stored in the transmission data storage unit 24 to the reception side 
5 terminal 1 1 . 

After whether the data transmission to the reception side terminal 1 1 
is granted or not is judged at Step S14 or Step S15, the judgment unit 35 transmits 
via the communication unit 23 a message (hereinafter called a judgment completion 
message) to the effect that the transmission grant judgment is completed, to the 
10 reception side terminal 11. The transmission grant judgment process is thereafter 
terminated. 

Next, with reference to the flow chart of Fig. 5, description will be 
made on the operation of the response control unit 22 (Figs. 2 and 4) of the terminal 
1 1 executing the response process. 

15 At Step S21 the random challenge reception control unit 41 of the 

response control unit 22 of the terminal 11 (the reception side terminal 1) receives 
via the communication unit 23 the random challenge transmitted from the 
transmission destination terminal 1 1 (at Step S2), and supplies it to the authentication 
data generation unit 42. At Step S22 the authentication data generation unit 42 

20 makes the random challenge supplied from the random challenge reception control 
unit 41 be subjected to the Keyed-Hash process similar to the Keyed-Hash process 
(at Step S3) at the transmission grant judgment unit 21 (expected value generation 
unit 33) of the transmission side terminal 1 1, to generate the authentication data and 
transmit it to the response message generation unit 43. 

2 5 In this example, since N response request commands at a maximum 

can be received, N authentication data sets to be compared with the expected values 
corresponding to the response request commands (Step S10) are generated. N 



authentication data sets are generated by a method similar to the expected value 
generation method (Figs. 6 and 7). 

After the authentication data is generated in this manner, at Step S23 
the random challenge reception control unit 41 transmits the RC reception message 
5 to the transmission side terminal 1 1 via the communication unit 23, and notifies this 
to the response message transmission control unit 44. 

At Step S24, the response message transmission control unit 44 
initializes a counter j to 1 , the counter j indicating the sequence of the response 
request command to be received, and at Step S25 controls the response message 

10 generation unit 43 to generate the response message assembled with the 
authentication data corresponding to the response request command to be received in 
the sequence indicated by the counter j (hereinafter called a response request 
command received at the j-th sequence). 

Next, at Step S26 the response message transmission control unit 44 

15 receives via the communication unit 23 the response request command transmitted 
from the transmission destination terminal 1 1 (at Step S6), and at Step S27 transmits 
via the communication unit 23 the response message assembled with the 
authentication data corresponding to the response request command received at the 
j-th sequence to the transmission side terminal 11. In this manner, as described 

20 earlier, the transmission side terminal 11 compares (at Step S10) the authentication 
data corresponding to the response request command received at the j-th sequence 
(transmitted at the i-th sequence) with the expected value corresponding to the 
response request command transmitted at the i-th sequence (received at the j-th 
sequence). 

2 5 At Step S28 the response message transmission control unit 44 of the 

response control unit 22 of the reception side 11 judges whether the judgment 
completion message transmitted from the transmission side terminal 1 1 (at Step SI 6) 
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is received. If it is judged that the judgment completion message is not received in 
a predetermined time, the flow advances to Step S29 whereat the response message 
transmission control unit 44 increments the counter j by 1 and at Step S30 judges 
whether the counter j = N + 1 . 
5 If it is judged at Step S30 that the counter j is not N + 1 (i.e., if the 

response request command is not received N times), the flow returns to Step S25 to 
execute Step S25 and succeeding Steps for the response request command to be 
received next. 

If the judgment completion message is received at Step S28 or if it is 
10 judged at Step S30 that the counter j is N + 1 (i.e., if the response request command 
was received N times), then the response control unit 22 terminates the response 
process. 

As described above, the communication distance judgment by the 
response time is executed only for the reception side terminal 1 1 authenticated in 

15 accordance with the authentication data generated from the random challenge (at 
Step S22) and the expected value (Step S3) (the process at Step SI 1 is skipped if the 
judgment at Step S10 is NO). Therefore, it is possible to prevent data from being 
transmitted to an apparatus which performs an identity theft of an authorized 
apparatus (data will not be transmitted to the apparatus which makes an identity theft 

20 of an authorized apparatus, receives the response request command and transmits the 
response request message). 

The transmission side terminal 1 1 may assemble a newly generated 
random challenge in the response request command and transmit it to the reception 
side terminal 11 (Step S6). When the reception side terminal 11 receives the 

25 response request command (Step S26), the already generated authentication data 
(Step S22) is coupled to the random challenge assembled in the response request 
command or the logical calculation between them is performed, to generate new 
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authentication data and return the response message assembled with the new 
authentication data (Step S27). In this case, the transmission side terminal 11 
generates the expected value to be compared with the new authentication data at Step 
S10, by coupling the expected value generated at Step S3 to the random challenge 
5 assembled in the response request command or through the logical calculation 
therebetween. 

By generating the authentication data and expected value from the 
random challenge assembled in the response request command as described above, 
the reception side terminal 11 cannot transmit the response massage until the 
10 response request command is received from the transmission side terminal 11. It is 
therefore possible to prevent an illegal act such as transmitting the response message 
before the response request command is received, in sequence to shorten the 
response time. 

Further, since the authentication data and the response message 
15 assembled with the authentication data are generated before the response request 
command is received (Steps S22 and S25), the reception side terminal 1 1 can return 
the response message to the transmission side terminal 11 immediately after the 
response request command is received (Step S27). 

For example, if the authentication data and the response request 
20 message are generated after the response request command is received, the time 
required for this process is contained in the response time measured at the 
transmission side terminal 1 1 so that the response time as the communication time 
cannot be measured correctly. However, by transmitting the response message 
immediately after the response request command is received as in this invention, the 
2 5 response time as the communication time can be measured correctly. 

Furthermore, in the above description, although the transmission side 
terminal 1 1 generates the random challenge (Step SI) and provides it to the reception 
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side terminal 1 1 (Step S2), the reception terminal may generate the random challenge 
and provide it to the transmission side 1 1 . 

Also in the above description, although the secret key is shared by the 
transmission side terminal 1 1 and the reception side terminal 1 1, if the secret key is 
5 not to be shared, it can be shared by using a Diffie-Hellman key exchange algorithm 
or the like. In this case, whether the partner with whom the key was exchanged can 
be confirmed based upon the certificate that the response time of the partner is 
measured, or the like. After the key exchange, the key itself acquired through the 
key exchange may be used as the authentication data and expected value, or the 

10 Keyed-Hash process is executed relative to a random number by using the exchanged 
key, as described previously, to obtain the authentication data and expected value. 

In the above description, the reception side terminal 11 is 
authenticated (Step S10) based upon the authentication data of the response 
generated at the reception side terminal 11 (hereinafter called authentication data 

15 RR) (Step S22) and the expected value for the response generated at the transmission 
side terminal 1 1 (hereinafter called an expected value QR) (Step S3). The reception 
side terminal 1 1 may authenticate the transmission side terminal 1 1 in accordance 
with authentication data for the response request command from the transmission 
side terminal 1 1 (hereinafter called authentication data RS) and its expected value 

20 (hereinafter called an expected value QS). 

In the example shown in Fig. 5, since the reception side terminal 11 
returns the response message (Step S27) immediately after the response request 
command is received (S27), for example, as shown in Fig. 8 a third apparatus x is 
inserted into the same LAN 1 as that of the transmission side terminal 11 

2 5 (transmitter), the apparatus x first sends the response request command to a receiving 
apparatus (Sill) to acquire the response message from the receiving apparatus 
(SI 12), and when the response request command incomes from the transmitter 
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(S121), the acquired response message is returned (SI 22). In this manner, the 
apparatus x can become an authorized apparatus through identity theft. 

The illegal act of this type can be prevented by making also the 
reception side terminal 1 1 authenticate the transmission side terminal 1 1 when the 
5 response message is returned (it is possible to prevent the response message from 
being returned to the unauthorized apparatus). 

Fig. 9 shows an example of the structure of the transmission grant 
judgment unit 21 and Fig. 10 shows an example of the structure of the response 
control unit 22, respectively for when the reception terminal 1 1 authenticates the 
10 transmission terminal 1 1 . 

Similar to the random challenge generation unit 31 shown in Fig. 3, a 
random challenge generation unit 51 of the transmission grant judgment unit 21 
generates a quasi random number having a predetermined number of bits, as the 
random challenge RC, and supplies it to an expected value generation unit 52 and an 
15 authentication data generation unit 53. 

An expected value generation unit 52 makes the random challenge 
supplied from the random challenge generation unit 51 be subjected to, for example, 
a Keyed-Hash process similar to the case of a reception side terminal 11 
(authentication data generation unit 73), by using the secret key shared with the 
20 reception terminal 11, generates the expected value QR for the authentication data 
RR of the reception side terminal 1 1 (the expected value QR having the same value 
as the corresponding authentication data RR), and supplies it to a response 
authentication unit 57. 

The authentication data generation unit 53 makes the random 
2 5 challenge RC supplied from the random challenge generation unit 51 be subjected to 
the Keyed-Hash process using the secret key shared by the reception side terminal 1 1 , 
generates the authentication data RS for the command which cannot be estimated by 



the third party, and supplies it to a response request command transmission unit 55. 

A command transmission control unit 54 transmits a control command 
CC such as a start command to the reception side terminal 11, and receives a 
response message CCR to the control command CC transmitted from the reception 
5 side terminal 1 1 . 

A response request command transmission unit 55 transmits a 
response request command MC containing the authentication data RS generated by 
the authentication data generation unit 53, to the reception side terminal 1 1 via the 
communication unit 23. 

10 A response reception unit 56 receives via the communication unit 23 a 

response message MCR transmitted from the reception side terminal 11, as a 
response to the transmitted response request command MC, and supplies the 
authentication data RR for the response assembled in the response message, to a 
response authentication unit 57. 

15 In accordance with the authentication data RR for the response from 

the response reception unit 56 and the expected value QR for the authentication data 
RR generated by the expected value generation unit 52, the response authentication 
unit 57 authenticates whether the reception side terminal 11 is an authorized 
apparatus of the information communication system, and notifies the authentication 

20 result to a control judgment unit 58. 

The control judgment unit 58 judges whether a response time RTT, 
measured by a response time measurement unit 59, of the reception side terminal 1 1 
relative to the response request command MC, is longer than a predetermined time 
TL to thereby judge a communication distance (judge whether the reception side 

2 5 terminal is connected to the same LAN 1 as that of the transmission side terminal 
11). 

In accordance with the authentication result of the reception side 
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terminal 11 and the judgment result of the communication distance, the control 
judgment unit 58 judges whether data transmission to the reception side terminal 11 
is granted or not. In accordance with this judgment, the control judgment unit 58 
controls the communication unit 23 to transmit the data stored in the transmission 
5 data storage unit 24 to the reception terminal 1 1 . 

In response to the notices from the response request command 
transmission unit 55 and response reception unit 56, the response time measurement 
unit 59 measures the response time RTT of the reception side terminal 1 1 . 

Next, the structure (Fig. 10) of the response control unit 22 will be 

10 described. 

A control response communication control unit 71 receives the control 
command CC transmitted from the transmission terminal 11 and transmits the 
response message CCR to the control command CC to the transmission side terminal 
11, respectively via the communication unit 23. 

15 An expected value generation unit 72 makes the random challenge RC 

contained in the control command and received at the control response 
communication control unit 71 be subjected to a Keyed-Hash process similar to the 
case of the transmission side terminal 1 1 (authentication data generation unit 53), by 
using the secret key shared with the transmission terminal 11, generates the expected 

20 value QS for the command authentication data RS of the transmission side terminal 
1 1 (the expected value QS having the same value as the corresponding authentication 
data RS), and supplies it to a command authentication unit 76. 

An authentication data generation unit 73 makes the random challenge 
RC contained in the control command CC received at the control response 

2 5 communication control unit 71 be subjected to the Keyed-Hash process using the 
secret key shared by the transmission side terminal 1 1 , generates the authentication 
data RR for the response not estimated by the third party, and supplies it to a 
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response transmission unit 74. 

In accordance with the authentication result of the command 

authentication unit 76, the response transmission unit 74 transmits the response 

message MCR to the response request command MC from the transmission side 
5 terminal 1 1 containing the authentication data RR for the response generated by the 

authentication data generation unit, to the transmission side terminal 11 via the 

communication unit 23. 

A response request command reception unit 75 receives via the 

communication unit 23 the response request command MC transmitted from the 
10 transmission side terminal 1 1 , and supplies the authentication data RS assembled in 

the command to a command authentication unit 76. 

In accordance with the command authentication data from the 

response request command reception unit 75 and the expected value QS for the 

authentication data RS generated by the expected value generation unit 72, the 
15 command authentication unit 76 authenticates whether the transmission terminal 11 

is an authorized apparatus of the information communication system, and notifies the 

authentication result to the response transmission unit 74. 

Next, the operation of the transmission grant judgment unit shown in 

Fig. 9 will be described with reference to the flow chart shown in Fig. 11. 
20 At Step S51 the control command communication control unit 54 of 

the transmission grant judgment unit 21 of the terminal 11 establishes a TCP 

connection with a reception side apparatus. It is assumed that the port number for 

the TCP connection is agreed beforehand between the transmission side terminal 1 1 

and reception side apparatus. This step may be omitted if the TCP connection has 
2 5 already been established between the transmission side apparatus 1 1 and reception 

side apparatus. 

The control command communication control unit 54 transmits a start 
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command (control command CC) to the effect that the response time RTT 
measurement starts, to the reception side apparatus via the established TCP 
connection. This start command CC contains a session number SID, the random 
challenge RC and the number of retry times (measurement times) ks of measurement 
5 of the response time during one session executable by the transmission side terminal 
11. 

The session number SID is the number assigned to each of a series of 
authentication processes (one session) to be executed thereafter for the reception side 
apparatus. This number is shared by both the transmission and reception sides so 

10 that the authentication processes can be discriminated between respective sessions. 

Communications of data (e.g., the response request command MC and 
its response message MCR) necessary for the measurement of the response time RTT 
are performed by UDP which does not resend packets. Therefore, depending upon 
the communication conditions, the response time measurement is not performed 

15 properly because of data loss during communications or other reasons. Packet 
transmission may be delayed by the influence of other communications on the 
network. From this reason, the response time RTT measurement is made to be 
retried (re-executed) several times. Since the numbers of retry times become 
different at the transmission side apparatus and reception side apparatus by their 

20 settings, in this example, the number of retry times (e.g., maximum number of retry 
times) of the transmission side apparatus is notified to the reception side apparatus. 

Next, at Step S52 the control command communication control unit 
54 receives the response message CCR to the start command CC from the reception 
side apparatus. 

25 This response message CCR contains, in addition to the session 

number SID contained in the start command CC, the number of retry times k for the 
response time RTT measurement determined by the reception side, and a UDP port 
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number pb for receiving the response request command MC. Namely, with this 
exchange of the start command CC and its response message CCR, the transmission 
side terminal 1 and reception side apparatus agree the number of retry times 
(measurement times) k for the response time RTT measurement, the session number 
5 SID and the UDP port number pb for an exchange of the response request command 
MC and its response message MCR. 

The reception side apparatus determines, as the number of retry times 
k for the current response time RTT measurement, a smaller one of the number of 
retry times ks for the response time RTT measurement executable at the transmission 

10 side terminal TR and notified by the start command CC and the number of retry 
times for the response time RTT measurement executable at the reception side, and 
notifies it to the transmission side apparatus by using the response message CCR. 

At Step S53 the expected value generation unit 52 makes the random 
challenge RC generated by the random challenge generation unit 51 be subjected to 

15 the Keyed-Hash process similar to the Keyed-Hash at the response control unit 22 
(authentication data generation unit 73) of the reception side terminal 11, and 
generates the expected value QR for the authentication data RR of the reception side 
apparatus. 

In this example, since the response time RTT measurement is 
20 performed a maximum of k times (since the response message MCR to the response 
request command MC is received a maximum of k times), the expected value QR is 
generated for each of the authentication data RR contained in the received k request 
command messages MCR at a maximum. 

The authentication data generation unit 53 makes the random 
25 challenge RC generated by the random challenge generation unit 51 be subjected to 
the Keyed-Hash process, and generates the command authentication data RS. 

In this example, since the response time RTT measurement is 
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performed a maximum of k times (since the response request command MC is 
transmitted a maximum of k times), the authentication data RS is generated for each 
of the transmitted k response request commands MC at a maximum. 

At Step S54 a counter i built in the control judgment unit 58 is 
5 initialized to 1. At this time, the expected value generation unit 52 supplies the 
response authentication unit 57 with the expected value QR (e.g., an expected value 
QRi generated at the i-th sequence) corresponding to the value of the counter i. The 
authentication data generation unit 53 also supplies the authentication data RSi 
corresponding to the value of the counter i to the response request command 

10 transmission unit 55. 

At Step S55 the response request command transmission unit 55 
transmits the response request command MC to the reception side apparatus through 
UDP communications at the UDP port number pb contained in the response CCR to 
the control command CC, the response request command MC containing the session 

15 number SID, and the authentication data RSi (authentication data RSi corresponding 
to the value of the counter i among k authentication data sets RS) supplied from the 
authentication data generation unit 53. 

When the response request command transmission unit 55 transmits 
the response request command MC, it notifies this to the response time measurement 

20 unit 59. In response to this, the response time measurement unit 59 starts 
measuring the response time. 

At Step S56 the response reception unit 56 judges whether the 
response message MCR is received from the reception side apparatus. If it is 
judged that the response message is not received, the flow advances to Step S57 

25 whereat it is judged whether the response is waited for a predetermined time or 
longer (it is judged whether a predetermined time has lapsed after the response time 
RTT measurement starts at Step S55). 



If it is judged at Step S57 that the predetermined time is not still 
lapsed, the flow returns to Step S56 to execute Step S56 and succeeding Steps. On 
the other hand, if it is judged at Step S57 that the predetermined time has lapsed, the 
flow advances to Step S62 whereat it is judged whether the value of the counter i is 
5 smaller than the number of retry times k (it is judged whether the response time RTT 
measurement is performed k times). If it is judged smaller (the measurement is not 
performed k times), the flow advances to Step S63 whereat the value of the counter i 
is incremented by 1 to thereafter return to Step S55. 

Since a packet may not reach the communication partner when 

10 sending the response request packet MC by UDP, if the response message MCR is 
not received until a lapse of a predetermined time after the response request 
command MC is sent, the transmission side terminal 1 1 judges a failure of the 
current measurement and starts the next response time RTT measurement (the 
process at Step S55 and succeeding Steps start). 

15 If it is judged at Step S56 that the response message MCR is received, 

the flow advances to Step S58 whereat the response reception unit 56 reads the 
response authentication data RRj and sequence number Cj contained in the received 
response message MCR, and supplies them to the response authentication unit 57. 

The response authentication unit 57 judges whether the sequence 

20 number Cj supplied from the response reception unit 56 matches with the value of 
the counter i (the sequence number Ci of the transmitted response request command 
MC). 

Description will be made later on the merit of confirming the 
sequence number Cj of the response message MCR and the sequence umber Ci of the 
2 5 response request command MC. 

If it is judged at Step S58 do not match, the flow returns to Step S56 
to execute Step S56 and succeeding Steps, whereas if it is judged to match, the flow 



advances to Step S59. 

At Step S59 the response reception unit 56 supplies a notice END 
indicating that the response message MCR has been received, to the response time 
measurement unit 59. The response time measurement unit 59 terminates the 
5 response time RTT measurement started at Step S55, and supplied the measurement 
result (response time RTT) to the control judgment unit 58. 

At Step S60 the response authentication unit 57 judges whether the 
response authentication data RRj supplied from the response reception unit 56 
matches with the expected value QRi for the authentication data RRj generated by 
10 the expected value generation unit 52. If it is judged to match, the reception side 
terminal 11 is authenticated as an authorized terminal of the information 
communication system to thereafter advance to Step S61. 

At Step S61 the control judgment unit 58 judges whether the response 
time RTT supplied from the response time measurement unit 59 is larger than the 
15 predetermined prescribed time TL. 

The prescribed time TL is the time not longer than the response time 
RTT if the transmission side terminal 11 and the reception side apparatus are 
connected to the same LAN 1 . Namely, if the response time RTT is longer than the 
prescribed time TL, it can be judged that the reception side apparatus is not 
20 connected to the same LAN 1 as that of the transmission side terminal 11. On the 
other hand, if the response time RTT is not longer (is equal to or shorter) than the 
prescribed time TL, it can be judged that the reception side apparatus is connected to 
the same LAN 1 as that of the transmission side terminal 1 1 . 

If it is judged at Step S61 YES (if it is judged from the response time 
25 RTT measurement at the i-th sequence that the reception side apparatus is not 
connected to the same LAN 1 as that of the transmission side terminal 1 1), the flow 
advances to Step S62 whereat the control judgment unit 58 judges whether the value 



of the counter i is smaller than the value k (whether the response time RTT 
measurement is retried k times). If it is judged smaller (if the response time RTT 
measurement is not performed k times), the flow advances to Step S63 whereat the 
value of the counter i is incremented by 1. At this time, the expected value 
5 generation unit 52 supplies the response authentication unit 57 with the expected 
value QRi corresponding to the new value of the counter i, whereas the 
authentication data generation unit 53 supplies the response request command 
transmission unit 55 with the authentication data RSi corresponding to the new value 
of the counter i. 

10 Thereafter, the flow returns to Step S55 to execute Step S55 and 

succeeding Steps. Namely, the response time RTT measurement is performed k 
times at a maximum until the response message MCR, whose response time RTT is 
equal to or shorter them the prescribed time TL, is received. 

If it is judged as NO at Step S61 (if the response message MCR 

15 whose response time RTT is equal to or shorter than the prescribed time TL), the 
flow advances to Step S64. 

At Step S64 the control judgment unit 58 notifies the communication 
unit 23 (Fig. 3) of that the reception side apparatus is an apparatus to which 
transmission data can be sent (an authorized apparatus connected to the same LAN 1 

20 as that of the transmission side terminal 11). The communication unit 23 reads 
predetermined transmission data from the transmission data storage unit 24 and 
transmits it to the reception side apparatus (terminal 11). 

If it is judged at Step S62 that the value of the counter i is equal to or 
larger than k (if the response whose response time RTT is equal to or shorter then the 

25 prescribed time TL is not obtained even if the response time RTT measurement is 
performed k times), the flow advances to Step S65 whereat the control judgment unit 
58 notifies the control command communication control unit 54 of that the reception 



side apparatus is an apparatus outside of the local network (an apparatus not 
connected to the same LAN 1 as that of the transmission side terminal 11). The 
control command communication control unit 54 transmits to the reception side 
apparatus the end command CC indicating that authentication of the reception side 
5 apparatus failed. 

If it is judged at Step S60 that the response authentication data RRj 
does not match with its expected value QRi, the flow advances to Step S66 whereat 
the control judgment unit 58 notifies the control command communication unit 54 of 
that the reception side apparatus is an unauthorized apparatus. The control 
10 command communication control unit 54 transmits to the reception side apparatus 
the end command CC indicating that authentication of the reception side apparatus 
failed. 

The transmission grant judgment process is executed in the manner 
described above. 

15 In the above description, the k authentication data sets RS are 

generated at Step S53. Instead, at Step S55 each time the response request 
command MC is transmitted, the authentication data for the command may be 
generated. 

Next, the operation of the response control unit 22 of Fig. 10 will be 
20 described with reference to the flow chart of Fig. 12. 

At Step S81 together with the transmission side apparatus, the control 
response communication control unit 71 of the response control unit 22 of the 
reception side terminal 11 establishes a TCP connection and receives the start 
command CC transmitted from the transmission side apparatus via the TCP 
2 5 connection (Step S51). The control response communication control unit 71 
supplies the expected value generation unit 72 and authentication data generation 
unit 73 with the random challenge RC contained in the received start command CC. 



Next, at Step S82 the response request command reception unit 75 
determines a UDP port number pb to be used for receiving the response request 
command MC transmitted from the transmission side apparatus. 

The response request command reception unit 75 also determines, as 
5 the number of retry times k for the current response time RTT measurement, a 
smaller one of the number of retry times ks for the response time RTT measurement 
executable at the transmission side terminal TR contained in the start command CC 
and the number of retry times for the response time RTT measurement executable at 
the reception side terminal 1 1 . 

10 At Step S83 the control response communication control unit 71 

transmits the response message CCR to the transmission side apparatus via the TCP 
connection established at Step S81, the response message containing the session 
number SID, the number of retry times k for the response time RTT measurement 
and the UDP port number pb respectively contained in the control command CC 

15 received at Step S81. The transmission side apparatus receives the transmitted 
response message CCR (Step S52). 

At Step S84 the authentication data generation unit 73 executes a 
Keyed-hash process relative to the random challenge RC supplied from the control 
response communication control unit 71, and generates the response authenticate 

20 dataRR. 

In this example, since the response time RTT measurement is 
performed k times at a maximum (the response message MCR to the response 
request command MC is transmitted k times at a maximum), the authentication data 
RR is generated for each of the transmitted k response messages MCR at a 
2 5 maximum. 

The expected value generation unit 72 makes the random challenge 
RC supplied from the control response communication control unit 71 be subjected 
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to a Keyed-Hash process similar to the Keyed-Hash process by the transmission 
grant judgment unit 21 (authentication data generation unit 53) of the transmission 
side terminal 1 1, and generates the expected value QS for the authentication data of 
the transmission side terminal 1 1 . 
5 In this example, since the response time RTT measurement is 

performed a maximum of k times (the response request command MC is received a 
maximum of k times), the expected value QS is generated for each of the 
authentication data sets RS contained in the received k response request commands 
MC at a maximum. 

10 At Step S85 the value of a counter j built in the command 

authentication unit 76 is initialized to 1 . 

At Step S86 it stands by until a command is received, and when it is 

judged that a command is received, the flow advances to Step S87 whereat it is 

judged whether the received command is the response request command MC (Step 
15 S55). If it is judged as the response request command MC, the flow advances to 

Step S88. 

At Step S88, the sequence number Ci contained in the received 
command is compared with the counter j and it is confirmed whether the sequence 
number Ci is equal to or larger than the counter j. If the sequence number is equal 
20 to or larger than the counter j, the flow advances to Step S89 whereat the counter j is 
set to the value of the sequence number Ci. 

This is a countermeasure for making the counter j match with the 
sequence number Ci, if the command is lost or does not income in the sequential 
sequence. 

2 5 At this time, the expected value generation unit 72 supplies the 

command authentication unit 76 with the expected value QS corresponding to the 
value of the counter j (e.g., the expected value QSj generated at the j-th sequence). 
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The authentication data generation unit 73 supplies the response transmission unit 74 
with the authentication data RRj corresponding to the value of the counter j. 

Next, at Step S90 the command authentication unit 76 judges whether 
the authentication data RSi assembled in the response request command MC received 
5 from the response request command reception unit 75 matches with the expected 
value QSj generated by the expected value generation unit 72 (the expected value 
generated at the sequence indicated by the counter j). If it is judged to match, the 
transmission side terminal 11 is authenticated as an authorized terminal of the 
information communication system to thereafter advance to Step S91. 
10 At Step S91 the command authentication unit 76 notifies the response 

transmission unit 74 of that the transmission side terminal 11 is the authorized 
apparatus. Then, the response transmission unit 74 transmits to the transmission 
side apparatus the response message MCR which contains the session number SID, 
the sequence number Cj representative of the value of the counter j and the 
15 authentication data RRj supplied from the authentication data generation unit 73. 

On the other hand, if it is judged at Step S90 do not match, the flow 
advances to Step S92 whereat the command authentication unit 76 notifies this to the 
response transmission unit 74. Then, the response transmission unit 74 transmits to 
the transmission side apparatus a response message MCR containing the session 
20 number SID, the sequence number Cj representative of the value of the counter j, and 
authentication data RR (= XX) with which the transmission side apparatus fails the 
authentication of the reception side apparatus (Step S60). 

If the response message MCR is transmitted at Step S91 or Step S92, 
the value of the counter j is incremented by 1 at Step S93 and thereafter the flow 
2 5 returns to Step S86 to execute Step S86 and succeeding Steps. 

If it is judged at Step S88 that the value of the counter j is smaller than 
the sequence number Ci contained in the received command, the flow also returns to 
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Step S86 to execute Step S86 and succeeding Steps. 

If it is judged at Step S87 that the received command is not the 
response request command (if the received command is the end command CC (Steps 
S65 and S66)), the process is terminated. 
5 Next, description will be made on the process at Step S58 shown in 

Fig. 11. In the process at Step S58, it is judged whether the sequence number Cj of 
the response message MCR from the reception side apparatus matches with the 
sequence number Ci (the value of the counter i) of the response request command 
MC. Since the correspondence between the response request command MC and the 

10 response message MCR is confirmed, the distance judgment by the response time 
RTT is not performed in accordance with the response message MCR not 
corresponding to the response request command MC (the response message MCR of 
another response request command MC). 

For example, as shown in Fig. 13, it is assumed that the reception side 

15 apparatus takes a long time to transmit the response message MCR corresponding to 
the first response request message (Steps S91 and S92) and that the transmission side 
terminal 11 judges as the timeout (Step S57) and transmits the second response 
request command MC to the reception side apparatus. It is also assumed that the 
response message MCR corresponding to the first response request command MC is 

20 received at the transmission side terminal 11 (Step S56) after the second response 
request command MC is transmitted (Step S55) before the timeout or the second 
response request command MC (Step S57). 

In the present invention, however, it is judged that the sequence 
number (= 1) of the first response message MCR from the reception side apparatus is 

25 do not match with the sequence number (= 2) of the second response request 
command MC. Therefore, the transmission side terminal 11 stands by (return to 
Step S56) until the response message MCR corresponding to the second response 
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request command MC is received, so that even if the response message not 
corresponding to the response request command is received, the distance judgment 
by the response time RTT is not performed. 

Next, the operation of an unauthorized terminal 1 1 will be described 

5 specifically. 

For example, it is assumed that the unauthorized apparatus x 
connected to the same LAN 1 as that of the transmitter shown in Fig. 8 transmits a 
response request command in sequence to receive a response from the receiving 
apparatus. However, since the apparatus x does not have the secret key shared with 

10 the receiving apparatus, it cannot acquire the authentication data RS necessary for the 
authentication of the transmitter by the receiving apparatus. Therefore, as shown in 
Fig. 14, although the apparatus x transmits the response request command MC 
containing improper authentication data RS (= ?), the receiving apparatus transmits 
the response message MCR containing the authentication data RR (=X X) with 

15 which the authentication of the receiving apparatus fails (Step S92). Even if the 
apparatus x transmits thereafter to the transmitter the response message MCR to the 
response request command MC sent from the transmitter, the apparatus x cannot be 
authenticated by the transmitter and the transmission data will not be transmitted to 
the apparatus x. 

20 It can be considered as shown in Fig. 15 that the unauthorized 

apparatus x receives the response request command MC from the transmitter, 
transmits it to the receiving apparatus and acquires the response message MCR 
containing the proper authentication data RR and that the apparatus transmits the 
acquired response message MCR to the transmitter. 

25 However, in this case, the response request command MC is 

transmitted from the transmitter to the apparatus x and from the apparatus x to the 
receiving apparatus, and the response message MCR is transmitted from the 
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receiving apparatus to the apparatus x and from the apparatus x to the transmitter. 
Therefore, the transmission paths of the response request command MC and the 
response message MCR become longer than the ordinary transmission path 
(transmission path between the transmitter and receiving apparatus). In this case 
5 therefore, since the response time RTT becomes longer than the prescribed time TL, 
the apparatus x is judged not connected to the same LAN 1 as that of the transmitter 
so that the apparatus x is not provided with the transmission data. 

Although an above-described series of processes may be realized by 
hardware, they may be realized by software. If a series of processes are to be 

10 realized by software, the program constituting the software is installed in a computer 
and the computer executes the program to functionally realize the above-described 
transmission grant judgment unit 21 and response control unit 22. 

Fig. 16 is a block diagram showing the structure of a computer 101 
according to an embodiment, the computer functioning as the transmission grant 

15 judgment unit 21 and response control unit 22 described earlier. An input/output 
interface 116 is connected via a bus 115 to a CPU (Central Processing Unit) 111. 
When a user inputs a command from an input unit 117 such as a keyboard and a 
mouse to CPU 111 via the input/output interface 116, CPU 1 1 1 loads a program into 
a RAM (Random Access Memory) 113 and executes it to execute the 

20 above-described various processes. The program is stored in a storage medium 
such as: a ROM (Read Only Memory) 1 12; a hard disk 1 14; a magnetic disk 131, an 
optical disk 132, a magnetic optical disk 133 and a semiconductor memory 134 to be 
loaded on a drive 120. CPU 1 1 1 outputs the processed results, when necessary, for 
example, to an output unit 118 such as an LCD (Liquid Crystal Display) via the 

2 5 input/output interface 116. The program may be stored in advance in the hard disk 
1 14 or ROM 1 12 to provide a user with the program bundled in the computer 101, 
the program may be provided as package media such as the magnetic disk 131, 
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optical disk 132, magnetic optical disk 133 and semiconductor memory 134, or the 
program may be stored in the hard disk 1 14 from a satellite, a network or the like via 
a communication unit 119. 

In this specification, steps describing the program provided by a 
recording medium contain not only a process to be executed time sequentially in the 
sequence of written statements but also a process to be executed parallel or 
independently without being processed time sequentially. 

In this specification, a system may designate an entire apparatus 
constituted of a plurality of apparatuses. 

Industrial Applicability 

According to the first and third inventions, a response time of a 
receiving apparatus can be measured properly. 

According to the second and fourth inventions, information can be 
provided which is necessary for a transmitter to properly measure a response time. 
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